British Man Charged With DDoS Disruptions, Selling Malware and ‘Crypters’
A 21-year-old man appeared in British court this week to face charges related to a number of cybercrime offenses, including helping to disrupt high-profile websites.
See Also: How to Scale Your Vendor Risk Management Program
Alex Bessell, from Liverpool, England, was accused of earning more than $700,000 (£530,000) since 2011 by selling malware as well as “crypters” that are designed to repack malware to better evade anti-virus software scanners.
Bessell has also been accused of infecting and controlling more than 9,000 “zombie” PCs and using them them “to orchestrate distributed denial-of-service attacks on firms like Skype, Pokemon and Google in an attempt to crash their online operations,” according to police.
After he appeared in court on Monday, a judge ruled that Bessell’s case would be transferred to crown court, where he’s due to appear later this month. In England, most cases begin in magistrates’ court, but more serious cases often get transferred to crown court.
Bessell faces 11 charges, including unauthorized access to computers, impairing the operation of computers, making and supplying malware and money laundering, law enforcement officials say.
The charges were filed following an investigation conducted by cybercrime detectives at the Regional Organized Crime Unit, or ROCU, for England’s West Midlands region, based in Birmingham.
While the list of charges against Bessell released by police do not explicitly accuse him of functioning as a DDoS-as-a-service provider, that is often how DDoS disruption capabilities get monetized (see FBI to DDoS Victims: Please Come Forward).
Web Business: Aiobuy
Police say Bessell has also been accused of “setting up the web business ‘Aiobuy'” as well as making false statements to Companies House, which is the United Kingdom’s registrar of companies.
On March 20, 2015, Bessell incorporated “Aiobuy” via Companies House. But after receiving a warning in June 2016, the company was dissolved in August 2016 via a “compulsory strike-off.” Unlike a voluntary strike-off, in which a company’s directors typically will apply to Companies House to close down their company, a compulsory strike-off means it has been initiated by authorities, perhaps because a firm has not paid its taxes or other creditors.
It’s not clear just what services Aiobuy might have offered or if the firm helped Bessell amass his alleged earnings.
But in March 2015, a new user with the handle “AlexTM” announced to the Bitcoin Forum site’s project development section the launch of “an autobuy service called aio-buy” at the “aiobuy.net” domain.
“What this website does is allow you to sell your product, no matter what it is. We enable you to sell files that will be sent to the customer after he has made his purchase, .netseal programs that will also be sold automatically, the code and download link will be sent to the client after he purchases. We also allow you to sell your codes, once the customer purchases he gets sent one of the codes or logins you have added to my system,” AlexTM posted.
On May 29, 2015, meanwhile, a user with the handle “AlexTM” posted to a hacker-focused social network called Hack Forums announcing that an instant payment notification feature had been added to Aiobuy (see 13 Scenes from an Irish Cybercrime Conference).
In a potential clue as to the money laundering charges filed against Bessell, by May 2016, AlexTM claimed to have processed more than $5 million in transactions via the Bitcoin Forum.
AlexTM’s Hack Forums biography also listed “DefensiveServers.com” as being one of his sites. The holder of that domain name’s registration has been obscured via a domain-privacy site.
But a post to Hack Forums dated Aug. 25, 2015, lists the site as providing shared hosting, VPN and reverse proxies among its services and also lists multiple testimonials. One reads: “Alex is a nice person and I love his services. I defnitely [sic] recommend dealing with him.”